You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Please disable SpybotSD’s protection, as it may hinder the removal of the infection. You can enable it after you're clean.

Open Spybot and click on Mode and check Advanced ModeCheck yes to next window.Click on Tools in bottom left hand corner.Click on Resident icon.Uncheck Teatimer box and/or Uncheck Resident.Close Spybot.

***

Please disable Spyware Doctor, as it may interfere with the fix. To disable Spyware Doctor:

Click the Spyware Doctor icon in the System Tray.

Click Settings.

Click Startup Settings under Pick a Category.

Uncheck Run at Windows startup.

Click Apply and Exit Spyware Doctor

Once your log is clean you can re-enable Spyware Doctor.

***

Please print these instructions out for use in Safe Mode. Please note: your AntiVirus program may prompt you to a malicious program running. Allow the entire script to run.

After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat

You will first be presented with a warning and a list of forums to seek help at.
it should look like this

After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.

Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!

Once your machine reboots please continue with the instructions below.

***

Download and install Cleanup from here (Alternate site if the above is not working, go Here)

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).Set the program up as follows:Click "Options..."Move the arrow down to "Custom CleanUp!"Put a check next to the following (Make sure nothing else is checked!):

Cleanup will:* Empty Recycle Bins * Delete Cookies * Delete Prefetch files * Cleanup! All UsersYou never have to do anything you are not comfortable with. But you can trust me to not give you directions to kill your computer

Double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each

For these file, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes.Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

Launch ewido, there should be an icon on your desktop double-click it.

The program will now go to the main screen

You will need to update ewido to the latest definition files.

On the left hand side of the main screen click update

Then click on Start Update

The update will start and a progress bar will show the updates being installed.If you are having problems with the updater, you can use this link to manually update ewido.ewido manual updatesOnce the updates are installed close Ewido for now

***

Next, please reboot your computer in Safe Mode by doing the following:1) Restart your computer2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.3) Instead of Windows loading as normal, a menu should appear4) Select the first option, to run Windows in Safe Mode.

It didn't seem to find much. You have been very helpful. The computer seems to be responding better. If there are more comments you care to make, or more procedures that you would like to suggest, please feel free to do so.

I notice that you are using more than one antivirus program. This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you either:(1) configure only one antivirus program to enable automatic realtime scanning, and leave the rest disabled most of the time, or (2) go to Start -> Control Panel -> Add/Remove Programs and uninstall all but one antivirus program.That's all the comments left for me I guess.

Is the computer running ok?If so, shall I post you some tips for the future and close this topic?

Yes, if my machine is as clean as it can be please do post some final tips and close the thread.

My computer is running well.

I actually only have AVG7 installed and operational. Norton came with the computer purchase as a limited trial offer that I never installed, since I never planned to buy Norton. I should uninstall Norton. I just never got around to it.

All file are:Windows Update AutoUpdate Client. Background process which checks with Microsoft website for updates to the operating system. Shows up on the Task Manager's processes list when it is waiting for a response, e.g. to confirm permission to download an update.

It's in windows/system32 because it belongs there (being a system file).It's in windows/lastgood/system32 because that is a backupfolder.One is in I386 because in that directory the most important files from the installation are kept.And the one in prefetch is there because is most recently ran.

Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & Hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.